<?php
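// Open the session only when none is active yet, so that including this file from a
// page that has already started one does not raise a "session already started" notice.
if(session_id()==='')
	session_start();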
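/**
 * Renders the comment list and the "add comment" form for one catalogue object,
 * and stores newly posted comments.
 *
 * Queries go through the project's connect class, which takes SQL fragments as
 * strings, so every value placed inside a quoted SQL literal is escaped here at
 * the point of use. addslashes() is kept because it is what this file already
 * relied on; NOTE(review): connect is not visible from here - if it exposes its
 * MySQL link, a charset-aware escape on that link would be the stronger choice.
 *
 * NOTE(review): $obj and $city are concatenated into database, table and column
 * names and cannot be quoted as values; presumably they originate from request
 * parameters - confirm that callers restrict them to a fixed list.
 */
class comments
{
	/** Object kind: "<obj>c" is used as the database name and "<obj>_id" as the key column. */
	public $obj;
	/** Name of the table that holds the comments. */
	public $city;
	/** Value matched against the "<obj>_id" column. */
	public $objId;

	/**
	 * @param string $obj   object kind (see $obj)
	 * @param string $city  comments table name
	 * @param mixed  $objId identifier of the commented object
	 */
	public function __construct($obj, $city, $objId)
	{
		$this->obj=$obj;
		$this->city=$city;
		$this->objId=$objId;
	}

	/**
	 * Prints the comments of the current object, newest first.
	 *
	 * @param mixed $limit optional LIMIT value ("N" or "offset, N"); when the object has
	 *                     more comments than $limit, a link to the full list is appended
	 */
	public function showComments($limit="")
	{
		$db_name=$this->obj.'c';
		$aConnect=new connect($db_name);

		// $limit is placed in the query unquoted, so only "N" or "offset, N" is accepted.
		$query_limit="";
		if($limit && preg_match('/^\d+(\s*,\s*\d+)?$/', trim($limit)))
			$query_limit="LIMIT ".trim($limit);
		else
			$limit="";

		$where="WHERE ".$this->obj."_id='".addslashes($this->objId)."'";
		$countRes=$aConnect->select_all($this->city, $where);
		$comNum=$countRes?mysql_num_rows($countRes):0;
		$res=$aConnect->select_all($this->city, $where." ORDER BY data DESC $query_limit");

		$showAll='';
		if($limit && $comNum>$limit)
		{
			// Request parameters are URL-encoded before they are written into the href,
			// so they cannot close the attribute or add markup.
			$showAll='<div align="center">
						<a href="comments.php?city='.$this->queryParam('city').'&id='.$this->queryParam('id').'&obj='.urlencode($this->obj).'" class="belink">Все отзывы ('.(int)$comNum.')
						</a>
					</div>';
		}
		echo ('
		<link rel="stylesheet" type="text/css" href="style/comments.css" />
		<div class="comments">
		');
		while($res && ($row=mysql_fetch_array($res)))
			$this->showAComment($row['user_name'], $row['user_status'], $row['stext'], $row['data']);
		echo ('
			'.$showAll.'
		</div>
		');
	}

	/**
	 * Prints one comment: date, author, avatar, status, text and, for authors that
	 * are not guests, the counters read from the users table.
	 *
	 * @param string $userName   author name as stored with the comment
	 * @param string $userStatus "Гость" for guests; any other value triggers the users lookup
	 * @param string $text       comment body
	 * @param string $data       comment date, in any format date_create() accepts
	 */
	public function showAComment($userName, $userStatus, $text, $data)
	{
		$userName=(string)$userName;
		// Stored text was encoded when it was saved; it is encoded again on output
		// (without touching "&") so rows written by any other path cannot inject markup.
		$brText=nl2br($this->escapeHtml($text));
		$comDate=$this->formatDate($data);
		$persInfo='';
		if($userStatus=="Гость")
			$src="images/guest.jpg";
		else
		{
			$src="images/Гость.jpg";
			// Names containing a path separator or NUL are never used to build the avatar path.
			if(strpbrk($userName, "/\\\0")===false && file_exists("avatars/".$userName.".jpg"))
				$src="avatars/".$userName.".jpg";
			$aConnect=new connect('main');
			$userRes=$aConnect->select_all('users', "WHERE login='".addslashes($userName)."'");
			$row=$userRes?mysql_fetch_array($userRes):false;
			if($row)
			{
				// Kept in its own variable: the registration date used to overwrite the
				// comment date shown in the header of the comment.
				$regDate=$this->formatDate($row['data']);
				$persInfo='<div class="persinfo">
							Отзывов: <font color="black"><b>'.$this->escapeHtml($row['comments_made']).'</b></font>
						</div>
						<!--<div class="persinfo">
							репутация: <font color="black"><b>'.$this->escapeHtml($row['carma']).'</b></font> из 10
						</div>-->
						<div class="persinfo">
							Зарегистрирован: <font color="black"><b>'.$regDate.'</b></font>
						</div>';
			}
		}
		echo ('
		<div class="comment">
			<table border="0" cellspacing="0" cellpadding="0">
				<tr height="20">
					<td colspan="2">
						<div class="comdate" align="center">
							'.$comDate.'
						</div>
					</td>
				</tr>
				<tr height="40">
					<td class="cominfo" valign="top" align="center">
						<div class="comname">
							<b>'.$this->escapeHtml($userName).'</b>
						</div>
						<div class="comfoto">
							<img src="'.$this->escapeHtml($src).'" width="50" height="50" />
						</div>
						<div class="comstatus">
							'.$this->escapeHtml($userStatus).'
						</div>
					</td>
					<td class="combody">
						<div class="comtext">
							'.$brText.'
						</div>
					</td>
				</tr>
				<tr>
					<td colspan="2" align="center" class="compers">
						'.$persInfo.'
					</td>
				</tr>
			</table>
		</div>
		');
	}

	/**
	 * Prints the "add comment" form.
	 *
	 * A logged-in author ($login given) gets the name and the "Пользователь" status as
	 * hidden fields; a guest who already commented gets the remembered session name;
	 * anyone else gets a name input. The hidden fields are only a convenience for the
	 * client: addComment() decides the stored status on the server.
	 *
	 * @param string $login login of the current user, empty for guests
	 */
	public function commentForm($login="")
	{
		echo ('
		<script type="text/javascript" src="scripts/comments.js">
		</script>
		');
		if($login)
		{
			$shownName=$this->escapeHtml($login);
			$getName='
			<div class="hasName">
				'.$shownName.'
			</div>
			<input name="userName" id="comName" type="hidden" value="'.$shownName.'">
			<input name="userStatus" type="hidden" value="Пользователь">';
		}
		// elseif: the guest branches used to run unconditionally and overwrote the
		// markup built for a logged-in user.
		elseif(!empty($_SESSION['name']))
		{
			$shownName=$this->escapeHtml($_SESSION['name']);
			$getName='
			<div class="hasName">
				'.$shownName.'
			</div>
			<input name="userName" id="comName" type="hidden" value="'.$shownName.'">
			<input name="userStatus" type="hidden" value="Гость">';
		}
		else
		{
			$getName=
			'Введите имя: <br />
			<input name="userName" id="comName" type="text" value=""><br />
			<input name="userStatus" type="hidden" value="Гость">';
		}
		echo ('
		<div class="addcom">
			<form name="addcom" action="" method="post"
			onsubmit="return sendComment(document.getElementById(\'comName\').value, document.getElementById(\'comText\').value);">
				<center id="add">Добавьте свой отзыв</center>
				'.$getName.'
				Введите отзыв:<br />
				<textarea id="comText" name="text" cols="70" rows="5"></textarea>
				<p align="right"><input type="submit" value="Разместить" id="sendbutton" name="addComment"></p>
			</form>
		</div>
		');
	}

	/**
	 * Stores the posted comment and redirects back to the page it was posted from.
	 *
	 * Does nothing unless the form was submitted. When all three fields are present the
	 * comment is inserted, the author's counter is incremented for registered users, and
	 * the script ends after sending the redirect.
	 *
	 * NOTE(review): the form carries no anti-CSRF token, and for registered users the
	 * posted userName is still taken from the request; presumably $_SESSION['login']
	 * holds the login name and should be used instead - confirm against the login code.
	 */
	public function addComment ()
	{
		if(!isset($_POST['addComment']))
			return;

		$db_name=$this->obj.'c';
		$aConnect=new connect($db_name);
		$userName=$this->cleanInput('userName');
		$postedStatus=$this->cleanInput('userStatus');
		$text=$this->cleanInput('text');
		if(!($userName && $postedStatus && $text))
			return;

		// The status arrives in a hidden form field, so it is client-controlled: the
		// registered-user status is honoured only for a session marked as logged in,
		// every other value is stored as a guest comment.
		$userStatus="Гость";
		if($postedStatus=="Пользователь" && !empty($_SESSION['login']))
			$userStatus="Пользователь";

		$objIdName=$this->obj.'_id';
		$date=date('Y-m-d H:i:s');
		$data=$objIdName."='".addslashes($this->objId)."', user_name='".addslashes($userName)."', user_status='".addslashes($userStatus)."', stext='".addslashes($text)."', data='$date'";
		// Remember the guest name for the next form; the session keeps the value
		// without SQL escaping, which belongs only in the query text.
		if(empty($_SESSION['login']))
			$_SESSION['name']=$userName;
		$aConnect->insert_data($this->city, $data);
		if($userStatus=="Пользователь")
		{
			$aConnect=new connect('main');
			$aConnect->update_data('users', "comments_made=comments_made+1", "WHERE login='".addslashes($userName)."'");
		}
		unset($_POST);
		if(!headers_sent())
			header('location: '.$this->redirectTarget());
		exit;
	}

	/**
	 * Reads one POST field and prepares it for storage: tags stripped, HTML special
	 * characters (including both quote types) encoded, cut to 1000 bytes.
	 *
	 * SQL escaping is deliberately not done here. It used to run before the cut, so
	 * the cut could split an escape pair and leave a trailing backslash that consumed
	 * the closing quote of the SQL literal.
	 */
	private function cleanInput($field)
	{
		if(!isset($_POST[$field]) || !is_string($_POST[$field]))
			return '';
		$value=strip_tags($_POST[$field]);
		$value=htmlspecialchars($value, ENT_QUOTES);
		return substr($value, 0, 1000);
	}

	/**
	 * Encodes the characters that can open a tag or close an attribute. "&" is left
	 * alone so text that was already entity-encoded when stored is not encoded twice;
	 * the replacement is byte-wise and therefore independent of the page charset.
	 */
	private function escapeHtml($value)
	{
		return strtr((string)$value, array('<'=>'&lt;', '>'=>'&gt;', '"'=>'&quot;', "'"=>'&#039;'));
	}

	/** Returns $_GET[$name] URL-encoded, or '' when it is missing or not a string. */
	private function queryParam($name)
	{
		if(!isset($_GET[$name]) || !is_string($_GET[$name]))
			return '';
		return urlencode($_GET[$name]);
	}

	/** Formats a date string as d-m-Y; returns '' when it cannot be parsed. */
	private function formatDate($value)
	{
		$parsed=date_create((string)$value);
		return $parsed?date_format($parsed, 'd-m-Y'):'';
	}

	/**
	 * Chooses where to send the browser after a comment was stored: the Referer when
	 * it is present and points at this host, otherwise the current request URI. The
	 * Referer header is client-supplied, so it is not followed to other hosts.
	 */
	private function redirectTarget()
	{
		$fallback=isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:'/';
		if(empty($_SERVER['HTTP_REFERER']) || empty($_SERVER['HTTP_HOST']))
			return $fallback;
		$refererHost=parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
		$ownHost=preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);
		if(!$refererHost || strcasecmp($refererHost, $ownHost)!==0)
			return $fallback;
		return $_SERVER['HTTP_REFERER'];
	}

}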
?>